Saviynt Forums

Ibiza · ‎09/12/2024

I want to integrate MS Fabric with Saviynt.
We are only interested in the workspaces and their members.
We have in in hand a REST api that provdes 2 endpoints :
1 - GET Workspaces : Example : https://api.fabric.microsoft.com/v1/workspaces
An example result is the following :
{
"value": [
{
"id": "8744c9a-3e90-8842e-b976-e83ade1561f9",
"displayName": "MynWorkspace",
"description": "My second workspace",
"type": "Workspace"
},
{
"id": "c642d0cb-3329-45b5-8e32-00a1655f20c5",
"displayName": "Mine",
"description": "Mine Test Workspace",
"type": "Workspace",
"capacityId": "6dd79388-3627-4bdb-9987-e91ef0c2e029"
}
]
}

2- GET access details per workspace : Example : https://api.fabric.microsoft.com/v1/admin/workspaces/8744c9a-3e90-8842e-b976-e83ade1561f9/users
An example result is the following :

{
"accessDetails": [
{
"principal": {
"id": "af5114a9-0949-4b455-b988-8741ezfdf920",
"displayName": "John Smith",
"type": "User",
"userDetails": {
"userPrincipalName": "johnsmith@johnsmith.com"
}
},
"workspaceAccessDetails": {
"type": "Workspace",
"workspaceRole": "Admin"
}
},
{
"principal": {
"id": "09311b7a6-ade-4ada-a7eb-77783ZZs",
"displayName": "My App",
"type": "ServicePrincipal",
"servicePrincipalDetails": {
"aadAppId": "d539808-0e81-dd-c1a47006fa72"
}
},
"workspaceAccessDetails": {
"type": "Workspace",
"workspaceRole": "Admin"
}
}
]
}

This means 8744c9a-3e90-8842e-b976-e83ade1561f9 workspace has two members.

The idea is to get workspaces as entitlements and to get workspaces members (principals) as the corresponding accesses.
What would be the ImportAccountEntJSON config look like.
Thanks for helping.

NM · ‎09/12/2024

@Ibiza you can use dependent call in entitlement import.

You will find the example in developer handbook.

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

rushikeshvartak · ‎09/12/2024

Refer samples - https://docs.saviyntcloud.com/bundle/Dev-Handbook-REST-v24x/page/Content/Developers-Handbook.htm

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Ibiza · ‎09/12/2024

When trying the configuration below, neither accounts nor entitlements are being pulled in Saviynt :

{
"acctEntParams":{
"entTypes":{
"Workspace":{
"call":{
"call1":{
"callOrder":0,
"processingType":"entToAcctMapping",
"stageNumber":0
}
}
}
}
},
"entitlementParams":{
"entTypes":{
"Workspace":{
"call":{
"call1":{
"callOrder":0,
"stageNumber":0,
"http":{
"url":"https://api.fabric.microsoft.com/v1/workspaces",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpParams":"",
"httpContentType":"application/json",
"httpMethod":"GET"
},
"listField":"value",
"keyField":"entitlementID",
"colsToPropsMap":{
"entitlementID":"id~#~char",
"entitlement_value":"displayName~#~char"
},
"disableDeletedEntitlements":true
}
},
"acctEntMappings":{
"keyField":"entitlementID",
"listField":"value",
"importAsAccount":false
},
"entTypeOrder":1
}
},
"processingType":"SequentialAndIterative",
"connection":"userAuth"
},
"accountParams":{
"call":{
"call1":{
"keyField":"entitlementID",
"callOrder":0,
"stageNumber":0,
"listField":"value",
"http":{
"httpParams":"",
"httpContentType":"application/json",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpMethod":"GET",
"url":"https://api.fabric.microsoft.com/v1/workspaces"
},
"colsToPropsMap":{
"customproperty23":"id~#~char"
}
},
"call2":{
"callOrder":1,
"stageNumber":3,
"http":{
"url":"https://api.fabric.microsoft.com/v1/admin/workspaces/${customproperty23}/users",
"httpHeaders":{
"Authorization":"${access_token}"
},
"httpContentType":"application/json",
"httpMethod":"GET"
},
"inputParams":{
"dependentCall":true
},
"listField":"accessDetails",
"keyField":"accountID",
"nextApiKeyField":"accountID",
"colsToPropsMap":{
"accountID":"principal.id~#~char",
"name":"principal.displayName~#~char",
"customproperty12":"principal.userDetails.userPrincipalName"
}
}
},
"processingType":"SequentialAndIterative",
"connection":"userAuth",
"statusAndThresholdConfig":{
"inactivateAccountsNotInFile":true,
"activeStatus":[
1
],
"deleteAccEntForActiveAccounts":true,
"statusColumn":"customproperty11",
"accountThresholdValue":1000,
"correlateInactiveAccounts":false,
"deleteLinks":true
}
}
}

rushikeshvartak · ‎09/12/2024

Did you validated logs

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM · ‎09/12/2024

Hi @Ibiza , I could see you have defined keyfield as entitlementID in account param..

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Ibiza · ‎09/12/2024

I was having a 401 but my connection test did not show it. That's sorted now. I was able to pull entitlements but accounts job fails with the following error : Field 'NAME' doesn't have a default value

Here is my current accountImportJSON :

{
"acctEntParams":{
"entTypes":{
"Workspace":{
"call":{
"call1":{
"callOrder":0,
"processingType":"entToAcctMapping",
"stageNumber":0
}
}
}
}
},
"entitlementParams":{
"entTypes":{
"Workspace":{
"call":{
"call1":{
"callOrder":0,
"stageNumber": 0,
"http":{
"url":"https://api.fabric.microsoft.com/v1/workspaces",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpParams":"",
"httpContentType":"application/json",
"httpMethod":"GET"
},
"listField":"value",
"keyField":"entitlementID",
"colsToPropsMap":{
"entitlementID":"id~#~char",
"entitlement_value":"displayName~#~char"
},
"disableDeletedEntitlements": true
}
},
"acctEntMappings":{
"keyField":"entitlementID",
"listField":"value",
"importAsAccount":false
},
"entTypeOrder":1
}
},
"processingType":"SequentialAndIterative",
"connection":"userAuth"
},
"accountParams":{
"call":{
"call1":{
"keyField":"customproperty23",
"callOrder":0,
"stageNumber":0,
"listField":"value",
"http":{
"httpParams":"",
"httpContentType":"application/json",
"httpHeaders":{
"Authorization":"${access_token}",
"Accept":"application/json"
},
"httpMethod":"GET",
"url":"https://api.fabric.microsoft.com/v1/workspaces"
},
"colsToPropsMap":{
"customproperty23":"id~#~char"
}
},
"call2": {
"keyField": "accountID",
"callOrder": 1,
"stageNumber": 3,
"http": {
"url": "https://api.fabric.microsoft.com/v1/admin/workspaces/${customproperty23}/users",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"httpMethod": "GET"
},
"inputParams": {
"dependentCall": true
},
"listField": "accessDetails",
"nextApiKeyField": "customproperty23",
"colsToPropsMap": {
"accountID": "principal.id~#~char",
"name": "principal.displayName~#~char",
"customproperty12" : "principal.userDetails.userPrincipalName"
}
}
},
"processingType":"SequentialAndIterative",
"connection":"userAuth",
"statusAndThresholdConfig":{
"inactivateAccountsNotInFile":true,
"activeStatus":[
1
],
"deleteAccEntForActiveAccounts":true,
"statusColumn":"customproperty11",
"accountThresholdValue":1000,
"correlateInactiveAccounts":false,
"deleteLinks":true
}
}
}

NM · ‎09/12/2024

Hi @Ibiza is display name present for each user? Or we do have null values?

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Ibiza · ‎09/12/2024

@NM they all have values. See first post by me.

rushikeshvartak · ‎09/12/2024

share full logs in text format

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Ibiza · ‎09/12/2024

@rushikeshvartak Full logs attached.

Ibiza · ‎09/12/2024

[This message has been edited by moderator to mask sensitive information]

stalluri · ‎09/12/2024

@Ibiza

Is the value that you are getting on id unique stored in customproperty23?
You have issue with accountParams
Are you gettting the association entilements to account correct?

Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

Ibiza · ‎09/12/2024

@stalluri

Thank you for having a look at this.

What I want in the accountParams, is that in the first call, I get all workspaces and then, for each workspcae (second call), I retrieve its accesses. In the first call, I don't need to store anything. But I used the customproperty23 to store the id so that I can use it in the second call as I saw in other dependent calls samples that we use an attribute from the first call.

Welcoming any better ideas.

Are you gettting the association entilements to account correct? --> Not yet, cause I did not get the accounts yet. I was having the Field 'NAME' doesn't have a default value error when I run account import job.

rushikeshvartak · ‎09/12/2024

It seems account name is null which mandatory so validate your mapping

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

stalluri · ‎09/12/2024

@Ibiza

Remove the first call from accountParams.

Hard code the one of the workspaces value on second call and try the import.
"https://api.fabric.microsoft.com/v1/admin/workspaces/<XXXXXXXXXX>/users",

Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

Ibiza · ‎09/12/2024

@stalluri Hardcoded one workspace. The job is succeeding without accounts imported.

stalluri · ‎09/12/2024

@Ibiza

Can you share the import JSON you are using and longs in text file

Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

Ibiza · ‎09/13/2024

@stalluri

Hi Here is the config I'm using now :

{

"acctEntParams":{

"entTypes":{

"Workspace":{

"call":{

"call1":{

"callOrder":0,

"processingType":"entToAcctMapping",

"stageNumber":0

}

},

"entitlementParams":{

"entTypes":{

"Workspace":{

"call":{

"call1":{

"callOrder":0,

"stageNumber": 0,

"http":{

"url":"https://api.fabric.microsoft.com/v1/workspaces",

"httpHeaders":{

"Authorization":"${access_token}",

"Accept":"application/json"

},

"httpParams":"",

"httpContentType":"application/json",

"httpMethod":"GET"

},

"listField":"value",

"keyField":"entitlementID",

"colsToPropsMap":{

"entitlementID":"id~#~char",

"entitlement_value":"displayName~#~char"

},

"disableDeletedEntitlements": true

}

},

"acctEntMappings":{

"keyField":"entitlementID",

"listField":"value",

"importAsAccount":false

},

"entTypeOrder":1

}

},

"processingType":"SequentialAndIterative",

"connection":"userAuth"

},

"accountParams":{

"call":{

"call1": {

"keyField": "accountID",

"callOrder": 0,

"stageNumber": 0,

"http": {

"url": "https://api.fabric.microsoft.com/v1/admin/workspaces/80b53c9a-3e90-4731-b976-e83a3d2561f9/users",

"httpHeaders": {

"Authorization": "${access_token}"

},

"httpContentType": "application/json",

"httpMethod": "GET"

},

"inputParams": {

"dependentCall": true

},

"listField": "accessDetails",

"colsToPropsMap": {

"accountID": "principal.id~#~char",

"name": "principal.displayName~#~char",

"customproperty12" : "principal.userDetails.userPrincipalName"

}

},

"processingType":"SequentialAndIterative",

"connection":"userAuth",

"statusAndThresholdConfig":{

"inactivateAccountsNotInFile":true,

"activeStatus":[

1

],

"deleteAccEntForActiveAccounts":true,

"statusColumn":"customproperty11",

"accountThresholdValue":1000,

"correlateInactiveAccounts":false,

"deleteLinks":true

}

And attahced logs in txt format.

So far, the accounts job succeeds but no accounts are ingested.

Here is a sample on the output of https://api.fabric.microsoft.com/v1/admin/workspaces/80b53c9a-3e90-4731-b976-e83a3d2561f9/users :

{

"accessDetails": [

{

"principal": {

"id": "afb1e4a9-0949-4461-b988-5da6a2fdf920",

"displayName": "test RR",

"type": "User",

"userDetails": {

"userPrincipalName": "test@test.com"

}

},

"workspaceAccessDetails": {

"type": "Workspace",

"workspaceRole": "Admin"

}

},

{

"principal": {

"id": "0995b7a6-2959-4ada-a7eb-5616635da37d",

"displayName": "Ms Fabric",

"type": "ServicePrincipal",

"servicePrincipalDetails": {

"aadAppId": "d573f408-0e81-4b6a-900c-c1a47006fa72"

}

},

"workspaceAccessDetails": {

"type": "Workspace",

"workspaceRole": "Admin"

}

},

{

"principal": {

"id": "2e680925-a5d2-4d16-8ee2-cab366554c87",

"displayName": "Azure Test1",

"type": "User",

"userDetails": {

"userPrincipalName": "AzureTest1@test.com"

}

},

"workspaceAccessDetails": {

"type": "Workspace",

"workspaceRole": "Viewer"

}

},

{

"principal": {

"id": "679bcb12-2445-4832-9c79-d7d95398f0ff",

"displayName": "Testing testing",

"type": "User",

"userDetails": {

"userPrincipalName": "testa@test.com"

}

},

"workspaceAccessDetails": {

"type": "Workspace",

"workspaceRole": "Viewer"

}

},

{

"principal": {

"id": "ca55a34a-89ab-4cf4-a853-d4403ae4cb10",

"displayName": "Azure Test2",

"type": "User",

"userDetails": {

"userPrincipalName": "AzureTest2@test.com"

}

},

"workspaceAccessDetails": {

"type": "Workspace",

"workspaceRole": "Contributor"

}

]

}

Thanks.

rushikeshvartak · ‎09/13/2024

Change mapping for account name from display name to userPrincipalName name which will be always unique

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

stalluri · ‎09/13/2024

@Ibiza, Give this a try.
"name": "principal.userDetails.userPrincipalName~#~char",

Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Forums

ImportAccountEntJSON in MS Fabric REST API